From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Fri, 8 Nov 2019 11:03:23 +0000 (+0100)
Subject: test-bpf-firewall: do not mlock() a large amount of memory
X-Git-Tag: v244-rc1~62^2~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee19c8073345877c6cb9e6fa760660b82b71558d;p=thirdparty%2Fsystemd.git

test-bpf-firewall: do not mlock() a large amount of memory

64MB is not that much, but let's not be greedy, esp. because we may run
many things in parallel.

Also, rlim_cur should never be higher than rlim_max, so let's simplify our
code.
---

diff --git a/src/test/test-bpf-firewall.c b/src/test/test-bpf-firewall.c
index 3155cd24cf2..9fd1b429db5 100644
--- a/src/test/test-bpf-firewall.c
+++ b/src/test/test-bpf-firewall.c
@@ -16,8 +16,8 @@
 #include "unit.h"
 #include "virt.h"
 
-/* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
-#define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
+/* We use the small but non-trivial limit here */
+#define CAN_MEMLOCK_SIZE (512 * 1024U)
 
 static bool can_memlock(void) {
         void *p;
@@ -64,7 +64,7 @@ int main(int argc, char *argv[]) {
                 return log_tests_skipped("test-bpf-firewall fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
 
         assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
-        rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
+        rl.rlim_cur = rl.rlim_max = MAX(rl.rlim_max, CAN_MEMLOCK_SIZE);
         (void) setrlimit(RLIMIT_MEMLOCK, &rl);
 
         if (!can_memlock())